oss-sec mailing list archives
Re: CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file
From: cve-assign () mitre org
Date: Sun, 29 May 2016 13:45:22 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A read out-of-bounds parsing a mp3 file was found in the last revision of mplayer. Technical details and a reproducer are available here: https://trac.mplayerhq.hu/ticket/2298
Component: libavcodec libavformat version 57.34.103 (internal) AddressSanitizer: heap-buffer-overflow READ of size 4 in avcodec_decode_audio4
Use CVE-2016-5115 for this libavcodec issue. We did not check whether this affects any versions of FFmpeg. libavformat version 57.34.103 is more recent than in FFmpeg 3.0.2, for example. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXSyoVAAoJEHb/MwWLVhi2sOkP/3FeYYp5pcAVPHm4Lx3qM9Rr LZYC8ph+Cn8HSTxMhOO+jtTe7DdlXkMvHWMRDGAreaw/RKTT4OjY+iF3u2zdpd6n Txw31NSKyToof4jVWTojxibkjUa3mAXdNYo9hIW9DL5YBtIz0mYLxoRu5gnNg+V4 pMN/aSKVfiB9W4W36tpo6al8fyEOHakYgqetbkOpV9O40j1nfO9qywGrLA+tWg6Z b+aLByyLRTYbCoTuuEKYhP/wE78KnVLZRxzoMPSGL0rCFDeQYYBR9ha5bW3n3Dzo zPag7BqUafbIDOfnhPmbh+FkGqySuHTJxqfZycPH4RymDMzLW0Wb5wtuI+xc13Nx c7SpdLhX1fQcXBwPUmv0qdhbDMPpGgoovRPvKxCDH2sXR7+ZCtP7QUv2wO7gqe3w mMqJsORLguf81m4r95QC/Nm0np6GVwDEkNCaQkJft8p3CbACib2NoY3i2OSBEqKB RO5n4Wq6TIeMpoNTQhTxN2Zhni/ZQ+88Uo2qQP5YPH2griPAUADXopypv7hhCSsx UZpiLvdRJrMevXMU1D8llqvTfOtYzVoJ7IWlDbg+vtJhQEwyMhT0HYjamkLVusm9 TnfIshGwWKq3jtre3xqDez24S/N9zvTA9FaFQtJb+we95n5cSrZJb17RhOii52M+ tZGsRx2O5Wsp/74wvnli =nzCw -----END PGP SIGNATURE-----
Current thread:
- CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file Gustavo Grieco (May 29)
- Re: CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file cve-assign (May 29)